Security News
Get Total AV Login

Apple Removes Facebook's Snooping VPN App from the App Store

Apple has stepped up and removed Facebook’s free VPN app, Onavo Protect, from its App Store

Published by Claire Broadley

Onavo Protect was found to be snooping on user activity and reporting it back to Facebook HQ. In the world of VPN apps, this is a pretty obvious no-no.

What’s more, Onavo Protect was sending data back to Facebook when the app itself was not running.

Onavo Protect is still available for Android, but it goes by another name: Protect Free VPN+ Data Manager.

What Did Onavo Protect Collect?

Will Strafach, a cybersecurity researcher, decided to look into Onavo Protect in detail.

He found that the app was picking up information about the user’s WiFi usage, data usage, time connected to the free VPN connection, and details of when the device was switched on and off.

 

Photo by Tim Bennett on Unsplash

Information about the amount of data used was connected when the VPN was not active. The whole lot was bundled back to a Facebook-owned domain: graph.facebook.com.

Alarmingly, Onavo Protect was promoted within the Facebook app for mobile devices as far back as February this year. At the time, various media outlets warned users not to install it. Gizmodo referred to it as “corporate spyware”.

Some countries block Facebook at a national level; China is one of the best examples. So it’s in Facebook’s interests to provide apps like Onavo to work around those blocks. It purchased Onavo in 2013 for a fee said to be in the region of $100 million.

But it’s seemingly used its VPN to harvest even more data about individuals to boost its already huge archives. And given Facebook’s track record, that’s a pretty stark development.

Beware Free VPN Apps

Most VPN users are interested in protecting their privacy online. In theory, a good VPN provider should not keep any logs about what you’re accessing, or how you connect.

But some providers are more honest about their logging activity than others. And in the case of Onavo Protect, it isn’t really a true VPN at all.

At a high level, free VPNs tend to be more risky than paid ones because they may have a vested interest in selling your data to other companies to make money.

 

Photo by Markus Spiske on Unsplash

If you are looking for a good quality VPN, we recommend looking at the industry leaders and checking all their policies on data logging in detail. There’s a huge amount of variation in what these apps do behind the scenes, and the claims they make on their website homepage might be written in a way that disguises what information is being collected and tracked.

Finally, before installing any browser extensions or apps that offer free VPN services, check the terms carefully. If they sound too good to be true, they probably are.